Saturday, March 02, 2019

While Two
Nuclear Powers Were On The Brink Of War, A Full-Blown Online
Misinformation Battle Was Underway

India and Pakistan, both countries that possess
over a hundred nuclear warheads each, came close to the brink of war
this week. But even as fighter aircraft from both nations invaded
each other’s air space, a full-blown misinformation war about the
conflict raged on the internet.

“Misinformation
has been used to start wars throughout history. It would be foolish
to think that our time is the exception to the rule,”
Aviv Ovadya, cofounder of the Thoughtful Technology Project, a San
Francisco–based nonprofit dedicated to preventing harmful
misinformation, told BuzzFeed News.

… India and Pakistan have fought wars
previously and have been engaged in a decadeslong territorial dispute
over the Kashmir Valley. But this conflict is the first one to take
place since social media became ubiquitous.

Fact-checkers in India say that the deluge of
misinformation around tensions between India and Pakistan that has
flooded the internet is “unprecedented.” Also unusual was the
fact that official handles run by the Pakistan army shared two videos
(one was later deleted) of the Indian pilot captured on Pakistani
soil. The deleted video showed the pilot injured and being escorted
away from mobs by Pakistan’s army soon after his plane crashed —
it was released before the Indian government confirmed that the pilot
was now a prisoner of war, and is
still being shared by right-wing Indian WhatsApp groups.
The second video, which was shared by the Pakistan military’s
official spokesperson soon after, had a palliative effect on
revenge-thirsty Indian Twitter: After seeing the Indian pilot
praising Pakistani officers for being “thorough gentlemen” and
drinking their tea, people
online slowly began to favor the hashtag #SayNoToWar, as opposed to
#SayYesToWar, which had been trending before.

The only place in San Francisco still pricing real
estate like it’s the 1980s is the city assessor’s office. Its
property tax system dates back to the dawn of the floppy disk. City
employees appraising the market work with software that runs
on a dead programming language and can’t
be used with a mouse. Assessors are prone to make
mistakes when using the vintage software because it can’t display
all the basic information for a given property on one screen. The
staffers have to open and exit several menus to input stuff as simple
as addresses. To put it mildly, the setup “doesn’t reflect
business needs now,” says the city’s assessor, Carmen Chu.

At a February 27, 2019 hearing on
“Privacy Principles for a Federal Data Privacy Framework in the
United States,” Republican and Democratic members of the Senate
Commerce, Science, & Transportation Committee offered different
perspectives on whether new federal privacy legislation should
preempt state privacy laws.

Chairman Roger Wicker (R-MS), who
described the hearing as a chance to “set the stage” for
bipartisan legislation, stressed
the importance of preemption, as did Sen. Marsha Blackburn (R-TN).
Wicker noted that a national standard would provide greater certainty
for consumers, and that a preemptive framework does not necessarily
mean “weaker” protections than those included in state privacy
laws. Ranking Member Maria Cantwell (D-WA), by contrast, said the
focus on preemption (rather than new rights for consumers) was
“disturbing,” and wondered
if U.S. companies were trying to “shut down” the California
Consumer Privacy Act (“CCPA”). Similarly, Sen.
Richard Blumenthal (D-CT) warned that U.S. companies must convince
Congress that they want “something more” than just preemption.

Despite their apparent differences on
preemption, committee members broadly agreed that the “notice and
choice” approach to privacy protections is insufficient.

Microsoft
Excel will now let you snap a picture of a spreadsheet and import it

Microsoft is adding a very
useful feature to its Excel mobile apps for iOS and Android. It
allows Excel users to take a photo of a printed data table and
convert it into a fully editable table in the app. This feature is
rolling out initially in the Android Excel app, before making its way
to iOS soon. Microsoft is using artificial intelligence to implement
this feature, with image recognition so that Excel users don’t have
to manually input hardcopy data. The feature will be available to
Microsoft 365 users.

… To combat foreign interference such as that
witnessed in the US presidential elections in 2016, ENISA is
providing guidelines to all election stakeholders.

… According to the document – Election
Cybersecurity: Challenges and Opportunities – a democratic
society needs a well-protected election lifecycle, from the
maintenance of the electoral register and the public political
campaigning process to the actual voting and the delivery of the
results.

Facebook
admits 18% of Research spyware users were teens, not <5 font="">5>

Facebook
has changed its story after initially trying to downplay how it
targeted
teens with its Research program that a TechCrunch investigation
revealed was paying them gift cards to monitor all their mobile app
usage and browser traffic. “Less than 5 percent of the people who
chose to participate in this market research program were teens” a
Facebook spokesperson told TechCrunch and many other news outlets in
a damage control effort 7 hours after we published our report on
January 29th. At the time, Facebook claimed that it had removed its
Research app from iOS. The next morning we learned that wasn’t
true, as Apple had already forcibly blocked the Facebook Research app
for violating its Enterprise Certificate program that supposed to
reserved for companies distributing internal apps to employees.

… In the response from Facebook’s VP of US
public policy Kevin Martin, the company admits that (emphasis ours)
“At the time we ended the Facebook Research App on Apple’s iOS
platform, less than 5 percent of the people sharing data with us
through this program were teens. Analysis shows that number
is about 18 percent when you look at the complete lifetime of the
program, and also add people who had become inactive and uninstalled
the app.”

Ireland's
Data Protection Commission (DPC), headed by the Commissioner for Data
Protection, Helen Dixon, has published its first annual report since
the General Data Protection Regulation (GDPR) came into force in May
2018. It shows that Europeans are taking their new privacy rights
very seriously. In the five months of 2018 pre-GDPR, the DPC
received 1,249 privacy complaints. In the seven months post-GDPR, it
received a further 2,864. The total of more than 4,000 complaints in
2018 is up from less than 1000 in 2015.

The
section of the report (PDF)
most relevant to Americans and American firms operating in Europe,
however, is Section 7: Technology Multinationals Supervision.

Thailand’s military-appointed parliament on
Thursday passed a controversial cybersecurity law that gives sweeping
powers to state cyber agencies, despite concerns from businesses and
activists over judicial oversight and potential abuse of power.

The Cybersecurity Act, approved unanimously, is
the latest in a wave of new laws in Asian countries that assert
government control over the internet.

… The law allows the National Cybersecurity
Committee (NCSC) to summon individuals for questioning and enter
private property without court orders in case of actual or
anticipated “serious cyber threats.”

An additional Cybersecurity Regulating Committee
will have sweeping powers to access computer data and networks, make
copies of information, and seize computers or any devices.

Court warrants are not required for those actions
in “emergency cases,” and criminal penalties will be imposed for
those who do not comply with orders.

Thursday, February 28, 2019

Proposed
Data Privacy Act for Washington State Could Be a Game-Changer

Inspired by the example of the European General
Data Protection Regulation (GDPR), Washington State is now
considering a comprehensive data privacy act that would protect the
personal information of its citizens. If the new Washington Privacy
Act (SB 5376) passes the state legislature this year, it would make
Washington only the second state in America to adopt a comprehensive
data privacy law.

… In fact, much of the language used within
the Washington data privacy act is almost exactly the same as that
found within the GDPR, especially when it comes to the definition of
“personal data” and the notion of which protections should be
offered to consumers as a fundamental basis of security and privacy.

With an emphasis on protecting personal
information, the Washington data privacy act gives state residents
several key rights, including the right to the deletion of data; the
right to request any data errors to be corrected; the right to
receive a personal copy of any personal data collected by a company
in electronic format; and the right to withdraw consent from any
personal data being processed.

Today, the Future of Privacy Forum submitted
comments to the Washington State Senate Ways & Means
Committee on the proposed Washington Privacy Act, Senate Bill 5376.
FPF takes a “neutral” position regarding the Bill, and makes a
few important points.

Partner Colin Zick and Associate Jeremy
Meisinger presented to the Massachusetts Health Information
Management Association on the legal issues presented by the continued
development of voice technology in healthcare. Click
here to download the slides.

Why not a simple Traffic Robot? Don’t tie down
a human, drop off a sensor loaded automaton and we’re good until
the lights come back on.

BillTrack50
is available for everyone to research state and federal legislation
and legislators – free

“BillTrack50
is a free service for citizens to look up information about federal
and state bills and legislators. Register
for a free account to start searching right away. We also provide
tools appropriate for professionals to help track
bills, and to help organizations share
important information on their own website. To see how the free and
paid services compare, see our comparison
matrix.”

The United States Cyber
Command launched an offensive campaign to silence one of Russia’s
most notorious troll operations on the day of the 2018 midterm
elections, according to a
new report by The Washington Post. The operation
targeted the Internet Research Agency, a private company linked to
the Kremlin and often used for disinformation campaigns.

The US operation seems to
have taken the IRA entirely offline during Election Day, to the point
that many employees complained to systems administrators that they
were unable to access the internet, according to the Post’s
sources.

… It’s one of the most
aggressive publicly reported campaigns the cyber command has yet
taken, and the legal status of such actions remains in flux. In
theory, infrastructural attacks against agents of a foreign
government could have significant diplomatic repercussions, and run
the risk of being taken as an act of war. But in
practice, these actions are rarely officially attributed and
political blowback is typically minimal.

The official database of the Ministry of Silly
Walks? Every ache and pain is reflected in my ‘silly walk.’

South
China Morning News: “You can tell a lot of things from the way
someone walks. Chinese artificial intelligence start-up Watrix says
its software can identify a person from 50 metres away – even if
they have covered their face or have their back to a camera –
making it more than a match for Sherlock Holmes. Known as gait
recognition, the technology works by analysing thousands of metrics
about a person’s walk, from body contour to the angle of arm
movement to whether a person has a toe-in or toe-out gait, to then
build a database. “With facial recognition people need to look
into a camera – cooperation is not needed for them to be recognised
[by our technology],” said Huang Yongzhen, co-founder and chief
executive of Watrix, in an interview in Beijing.

Features like this have given Watrix an edge in
catching runaway criminals, who tend to avoid surveillance, said
Huang. Police on the streets of Beijing, Shanghai and Chongqing,
have already run trials of gait recognition technology, said Huang,
and the company officially launched its 2.0 version last week, which
supports analysis of real-time camera feeds at a mega-city level.
“We are currently working with police on criminal investigations,
such as tracking suspects from a robbery scene,” said Huang, who
was dressed all in black for the interview in his company office.
“Currently, China has about 300,000 wanted criminals on the loose
and counting. [Our software’s] database includes those with a prior
gait record…”

Avalon
2019: Boeing to partner with Australia on development of multimission
unmanned aircraft system

Boeing and Australia's
Department of Defence (DoD) are to partner in developing a concept
demonstrator for a large unmanned aircraft system (UAS) that will
support and protect air combat missions.

… Dr Shane Arnott, director of Boeing's
Phantom Works International, said system development had been under
way for some time, but declined to say for how long.

The first flight will take place in Australia and
is scheduled for 2020. The model unveiled at Avalon was
representative of the intended flight vehicle, he said.

Although the platform would be powered by a single
light commercial jet engine to save costs, "it will need to take
off from the same runways and run the same speeds" as the
aircraft with which it was teamed.

The system is not remotely piloted but will be
semi-autonomous and controlled from both the ground and the air, he
explained. "The intention is the teaming system will be an
extension of the air power assets that it will be supporting,"
Arnott explained.

… On February 26, the Indian military launched
what it said were retaliatory air raids which allegedly
destroyed a "terrorist" training camp in Pakistan's
Khyber Pakhtunkhwa province. Pakistan for its part also responded
with air raids across the line of control (LoC) which separates
Indian- from Pakistan-administered Kashmir
and claims to have downed
two Indian fighter jets.

Military standoffs or escalations between India
and Pakistan are not new, nor is the use of military means to settle
scores. However, what sets this round of escalation apart is that
this is the first time since the 1971 Indo-Pakistani war that the two
countries attack targets deep within each other's territories.

A foreign power with possible unbridled access to
Europe’s data is causing alarm in the region. No, it’s not
China. It’s the U.S.

As the U.S.
pushes ahead with the “Cloud Act” it enacted about a year ago,
Europe is scrambling to curb its reach. Under the act, all U.S.
cloud service providers from Microsoft
and IBM to Amazon
– when ordered – have to provide American authorities data stored
on their servers regardless of where it’s housed. With those
providers controlling much of the cloud market in Europe, the act
could potentially give the U.S. the right to access information on
large swaths of the region’s people and companies.

… The Cloud Act (or the “Clarifying Lawful
Overseas Use of Data Act”) addresses an issue that came up when
Microsoft in 2013 refused to provide the FBI access to a server in
Ireland in a drug-trafficking investigation, saying it couldn’t be
compelled to produce data stored outside the U.S.

The act’s extraterritoriality spooks the
European Union – an issue that’s become more acute as
trans-Atlantic relations fray and the bloc sees the U.S. under Trump
as an increasingly unreliable ally.

On
February 19, the European Telecommunications Standards Institute
(ETSI) published the ETSI TS 103 645 V1.1.1 – or more simply, a
high-level outcome-focused standard (PDF)
for cybersecurity in the consumer-oriented Internet of Things (IoT).

… The
cybersecurity provisions are provided in section 4 of the standard.
There are thirteen in total, some being simple statements and others
comprising multiple subsections. For example, the total of provision
4.1 requires little more than its heading: "No
universal default passwords."

The
use of biometric technology is fast becoming the next big thing in
privacy litigation. There was last month’s decision
by the Illinois Supreme Court that upheld a consumer’s right to sue
companies for collecting biometric data – such as fingerprints and
iris scans – without first disclosing how such information will be
used. See our blog on that ruling here.

And
now, the debate surrounding the use and collection of biometric data
has expanded beyond challenging the biometric collection practices in
the private sector, to challenging the practices of state and local
governments including law enforcement.

In
Center for Genetics and Society v. Becera, a lawsuit
filed late last year in California state court, two nonprofit
organizations and an individual sued the state of California,
challenging its DNA
Fingerprint, Unsolved Crime and Innocence Protection Act (the
“DNA Act”). The DNA Act authorizes the retention of DNA samples
collected from people arrested on suspicion of a felony.

State officials proposed a new amendment to the
California Consumer Privacy Act (CCPA) on Monday that would allow
consumers to sue companies that violate the new law. Currently,
consumers can only file a lawsuit if they're victims of a data breach
and only when the state's department of justice has decided not to
sue on consumers' behalf.

… James P. Steyer, CEO of Common Sense, a
non-profit organization that promotes safe technology use, said the
amendment will take some of
the burden of enforcing and monitoring violations off the attorney
general's plate.

"Companies with endless resources will do
everything they can to make it difficult for the AG," Steyer
said in a statement. "By allowing consumers their own right to
take action to hold bad actors accountable for violating their
privacy, this law adds needed enforcement teeth to CCPA and Common
Sense is firmly in support."

The amendment would also remove
the current waiting period that gives businesses 30 days to attempt
to remedy a violation and retract any exposed data from
public view to avoid penalties.

… This new amendment follows legislation
proposed on Thursday that would require companies to notify
California residents when their passport, passport card or green card
numbers are compromised in data breaches. It would also require
customers be notified of compromised biometric information such as
fingerprints.

Axios:
“…A full 81% of consumers say that in the past year they’ve
become more concerned with how companies are using their data, and
87% say they’ve come to believe companies that manage personal data
should be more regulated, according to a survey out Monday by IBM’s
Institute for Business Value. Yes, but: They aren’t
totally convinced they should care about how their data is being
used, and many aren’t taking meaningful action after privacy
breaches, according to the survey. Despite increasing data risks,
71% say it’s worth sacrificing privacy given the benefits of
technology…”

… Miller, who was appointed to the court by
President George W. Bush in 2006, noted that the Supreme Court upheld
excluding women from the draft in 1981 because women were excluded
from combat duty. Because that
prohibition was lifted in 2015, he wrote, excluding them from
registering for the draft made no constitutional sense.

Thoughtful
Entertainment Streaming now for free with your library card

kanopy – Over
30,000 films entirely free with a library card from participating
libraries – “The films that truly resonate with us do more
than just entertain. They inspire us, enrich us, and challenge our
perspectives. Kanopy ensures that these films reach viewers around
the world. We stream thoughtful entertainment to your preferred
device with no fees and no commercials by partnering with public
libraries and universities. Everyone from film scholars to casual
viewers will discover remarkable and enriching films on Kanopy. Log
in with your library membership and enjoy our diverse catalog with
new titles added every month…”

Sunday, February 24, 2019

… In 2011, Reliance, whose core business was
oil and infrastructure, decided to build a vast broadband network, a
business in which it had no
experience but plenty of rivals. It had acquired a
telecom company that owned mobile spectrum licenses, and it muscled
in on its competitors. Barely 28 million Indians then owned
smartphones. Reliance aimed to blanket India with broadband
coverage, which was available only in big cities. After decades
building pipelines and refineries, Reliance erected 220,000 mobile
towers across India, often building more than 700 in a single day.
In all, the project cost more than $30 billion.

In September 2016 it launched the Reliance Jio
telecom network, offering people free mobile data for the first six
months. Indians stampeded to grab the offer. Reliance Jio signed
100 million subscribers within six months and 250 million by its
second anniversary last September. Its
cheap plans set off a price war and drove down India’s data prices,
from about $4.50 a gigabyte in 2016 to a rock-bottom 15¢ now,
cutting deeply into competitors’ profits. For Reliance the pricing
proved a masterstroke, establishing itself as a key phone and
Internet service provider. Reliance Jio now sells $20 phones, and it
is rolling out connected devices for cars, TV monitors, and home
appliances.

… For
Google, the disruption is a potential gold mine.
Together, Reliance Jio’s network and Prime Minister Modi’s
policies have cracked open markets that until now have been out of
reach, or too small to be worth the investment. In 2017, shortly
after Jio’s launch, Google created its first-ever digital payments
app, Tez, seizing on the millions of Indians who were suddenly making
digital payments. Last year, it renamed the app Google Pay. It now
has about 40 million monthly active users in India, and is available
in 29 countries, including the U.S., with about $60 billion in
transactions in 2018, according to Google.

… The European Patent Office has recently
amended its ‘Guidelines for Examination’ by including a new
section containing advice about how patents related to AI and machine
learning technologies should be assessed. The guidance clarifies
that whilst algorithms are regarded as ‘computational’ and
abstract in nature, which means they are not patentable per se, once
applied to a technical problem they may become eligible for patent
protection. Beneficially, the approach outlined in the guidance is
similar to that currently used to assess the patentability of
computer-implemented inventions.

To clarify, one of the keys to patentability lies
in an invention’s ‘technical effect’. If an AI or machine
learning invention is shown to have an effect in a real-world
application, it is likely to be deemed patentable under the European
Patent Convention

Links

About Me

I live in Centennial Colorado. (I'm not actually 100 years old., but I hope to be some day.) I'm an independant computer consultant, specializing in solving problems that traditional IT personnel tend to have difficulty with... That includes everything from inventorying hardware & software, to converting systems & data, to training end-users. I particularly enjoy taking on projects that IT has attempted several times before with no success. I also teach at two local Universities: everything from Introduction to Microcomputers through Business Continuity and Security Management. My background includes IT Audit, Computer Security, and a variety of unique IT projects.